Maybe you thought I made this stuff up, but I just stated what the latest best practices and research show for at least the last 3 years.
1. The specific vulns are known. We’re not talking about 0days here.
2. Attack vectors are completely relevant. Any security professional will tell you this.
You may want to read up:
- https://www.verizon.com/business/resources/reports/dbir/
- https://zerotrust.cyber.gov/
- https://security.googleblog.com/2019/05/new-research-how-eff...
- https://www.oecd.org/sti/consumer/37863861.doc
LASTLY…
GDPR, SEC, HIPAA, NYDFS and NYSE all mandate risk management measures, if not outright penalize companies and citizens for data breaches after the fact, which unfortunately means your Grandma’s syphilis medication has to hit Twitter before there’s intervention.
Without strong financial penalties or an impetus to fix at least critical vulns earlier, we’ll continue with the status quo.
I don't want that for you, your Grandma or my own. You shouldn’t want it either.